National Fraud Intelligence Alert

Alert message sent 13/01/2017 14:00:00

Information sent on behalf ofCheshire Constabulary

‘Thank you for choosing to donate to Migrant Helpline’ Phishing and Malware Alert

The information contained within this alert is based on intelligence from various sources. The purpose of this alert is to increase awareness of the mass phishing campaign currently in circulation. The campaign’s primary function appears to be distributing a well known Trojan, through a malicious link contained in an email.

The alert is aimed at members of the public, local police forces, businesses and governmental agencies.

ALERT

Fraudsters are sending out a high number of phishing emails to personal and business email addresses purporting to be from ‘Migrant Helpline’.

The email address sending the majority of emails is noreply@yeshivadonations.com, however multiple email addresses have been seen. Although Migrant Helpline is a genuine charity, fraudsters are using it to trick members of the public into becoming victims of this fraud.

It should be noted that this fraud is in no way related to the real charity.

The subject line currently is ‘Thank you for choosing to donate to Migrant helpline’

The message body reads as the following:

Thanks again for donating

We're sending it straight to Migrant Helpline so you'll be making a difference very soon.

Your donation details:

First name: ****

Last name: ****

Tel. *********

Amount: £196

Donation Reference: 09493495

If you have any questions about your donation, please follow this link and download Your (Donation Reference 09493495), with the transaction details listed above.

With your help, YeshivaDonations can continue to work in Syria and neighbouring countries to deliver clean water and life-saving supplies to millions of people.

Your generosity is bringing much-needed assistance to families who have lost everything as a result of the crisis in Syria.

Warm regards,

YeshivaDonation

The first name, last name and telephone number are targeted and appear to be correct for those they are sent to.

Once the link is clicked, a well known Trojan (Ramnit) is downloaded onto the victim’s device. This malware is equipped to target and steal personal and corporate banking details.